examining/auditing between forests

I'm trying to use one instance of ALE to monitor lockouts in two separate domains that are in different forests. It is not working.

Within each domain, ALE works as it should. But if I try to monitor the DCs in the other domain, it always fails, even though I have a trust that allows domain B to trust domain A (where ALE is installed), and the service account and my own account in A are either administrators of B, or local admins on the member servers in B.

Before I start trying strange combinations of AD permissions and trusts that may not help at all, does anyone have any experience with doing this sort of thing? Is there any scenario where this would work at all, or is it just not a use case for the product?